1 /*
2 * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <sys/cdefs.h>
11 #include <sys/libkern.h>
12 #include <sys/malloc.h>
13
14 #include <opencrypto/cryptodev.h>
15 #include <opencrypto/xform_auth.h>
16
17 #include <crypto/openssl/ossl.h>
18 #include <crypto/openssl/ossl_sha.h>
19
20 /* sha256-x86_64.S */
21 void sha256_block_data_order(SHA256_CTX *c, const void *in, size_t num);
22
23 /* From crypto/sha/sha256.c */
24
25 static void
ossl_sha224_init(void * c_)26 ossl_sha224_init(void *c_)
27 {
28 SHA256_CTX *c = c_;
29 memset(c, 0, sizeof(*c));
30 c->h[0] = 0xc1059ed8UL;
31 c->h[1] = 0x367cd507UL;
32 c->h[2] = 0x3070dd17UL;
33 c->h[3] = 0xf70e5939UL;
34 c->h[4] = 0xffc00b31UL;
35 c->h[5] = 0x68581511UL;
36 c->h[6] = 0x64f98fa7UL;
37 c->h[7] = 0xbefa4fa4UL;
38 c->md_len = SHA224_DIGEST_LENGTH;
39 }
40
41 static void
ossl_sha256_init(void * c_)42 ossl_sha256_init(void *c_)
43 {
44 SHA256_CTX *c = c_;
45 memset(c, 0, sizeof(*c));
46 c->h[0] = 0x6a09e667UL;
47 c->h[1] = 0xbb67ae85UL;
48 c->h[2] = 0x3c6ef372UL;
49 c->h[3] = 0xa54ff53aUL;
50 c->h[4] = 0x510e527fUL;
51 c->h[5] = 0x9b05688cUL;
52 c->h[6] = 0x1f83d9abUL;
53 c->h[7] = 0x5be0cd19UL;
54 c->md_len = SHA256_DIGEST_LENGTH;
55 }
56
57
58 #define DATA_ORDER_IS_BIG_ENDIAN
59
60 #define HASH_LONG SHA_LONG
61 #define HASH_CTX SHA256_CTX
62 #define HASH_CBLOCK SHA_CBLOCK
63
64 /*
65 * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
66 * default: case below covers for it. It's not clear however if it's
67 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
68 * but if it is, then default: case shall be extended. For reference.
69 * Idea behind separate cases for pre-defined lengths is to let the
70 * compiler decide if it's appropriate to unroll small loops.
71 */
72 #define HASH_MAKE_STRING(c,s) do { \
73 unsigned long ll; \
74 unsigned int nn; \
75 switch ((c)->md_len) \
76 { case SHA224_DIGEST_LENGTH: \
77 for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++) \
78 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
79 break; \
80 case SHA256_DIGEST_LENGTH: \
81 for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++) \
82 { ll=(c)->h[nn]; (void)HOST_l2c(ll,(s)); } \
83 break; \
84 default: \
85 __assert_unreachable(); \
86 break; \
87 } \
88 } while (0)
89
90 #define HASH_UPDATE ossl_sha256_update
91 #define HASH_FINAL ossl_sha256_final
92 #define HASH_BLOCK_DATA_ORDER sha256_block_data_order
93
94 #include "ossl_hash.h"
95
96 struct auth_hash ossl_hash_sha224 = {
97 .type = CRYPTO_SHA2_224,
98 .name = "OpenSSL-SHA2-224",
99 .hashsize = SHA2_224_HASH_LEN,
100 .ctxsize = sizeof(SHA256_CTX),
101 .blocksize = SHA2_224_BLOCK_LEN,
102 .Init = ossl_sha224_init,
103 .Update = HASH_UPDATE,
104 .Final = HASH_FINAL,
105 };
106
107 struct auth_hash ossl_hash_sha256 = {
108 .type = CRYPTO_SHA2_256,
109 .name = "OpenSSL-SHA2-256",
110 .hashsize = SHA2_256_HASH_LEN,
111 .ctxsize = sizeof(SHA256_CTX),
112 .blocksize = SHA2_256_BLOCK_LEN,
113 .Init = ossl_sha256_init,
114 .Update = HASH_UPDATE,
115 .Final = HASH_FINAL,
116 };
117
118 _Static_assert(sizeof(SHA256_CTX) <= sizeof(struct ossl_hash_context),
119 "ossl_hash_context too small");
120